Skip to main content

NIH concerned over D.A.’s plea agreement with former employee

August 25, 2014

Victoria Alexander-Lane, NIH CEO

Inyo County District Attorney Tom Hardy has reached a plea agreement with Bishop resident Cherie Matteson née LeBraque who was accused last year of illegally accessing medical records at Northern Inyo Hospital.
The proposed plea agreement states that LaBraque enters a plea of guilty or no contest to unlawfully accessing medical records (a misdemeanor) and that she be placed on probation for three years.
Under the terms of the agreement, she would be required to perform 240 hours of community work service, pay fines and fees to be set by the court and not work or volunteer in a business or agency where she would have access to confidential health information without the permission of the court or probation officer while she is on probation. If accepted, she would also be required to pay restitution for damages or loss suffered. This could, at the discretion of the court, include administrative fines and fees paid by the Northern Inyo Hospital District.
There would also be “no contact”/stay away orders from the several persons whose records she accessed (except for some members of her own family).
A judge is scheduled to review the settlement agreement at 1 p.m. Wednesday, Sept. 3 in Bishop courts. Hardy said representatives from Northern Inyo Hospital and patients who had their medical records accessed are all invited to attend and speak in regards to the proposed settlement.
“Ultimately, it is up to the judge as to whether or not the agreement is acceptable” Hardy said.
NIH CEO Victoria Alexander-Lane said that hospital records show that LaBraque illegally accessed the records of 10 patients in “the worst breach” of doctor-patient confidentiality “that I have ever seen.”
NIH Director of Compliance Kelli Huntsinger said an extensive audit of the hospital’s records shows that the unlawful access of medical records began 10 days after LeBraque began work at the hospital in 2010, and appears to have continued until she was fired after the illegal access was reported last year.
Huntsinger said the hospital is required to report any such breach to state and federal authorities, which each investigated the allegations. She explained that the federal Office of Civil Rights investigated the matter and found that the hospital had provided all the appropriate training necessary for employees and was not at fault for the breach.
“The Office of Civil Rights said we were compliant with all regulations,” Alexander-Lane said. “If we had not trained her, we would have had substantial fines.”
The Hospital CEO said she would have liked to see felony charges brought against LaBraque for felony violations under the Health Insurance Portability and Accountability Act for two reasons. She explained that someone who is convicted of a HIPAA violation could be banned from the healthcare profession for life.
She also said that this plea agreement “makes it 10 times harder to bring the gravity when we’re training new employees. We tell them ‘we will fire you and you could go to jail,’” if unlawful access to medical files are made. But a plea agreement like the one proposed for LeBraque tells employees that a HIPAA violation is not a serious offence.
Hardy said that he does not have the authority to charge anyone with a HIPAA violation, and those charges must come from state or federal attorneys. He added that the charges filed in Inyo County do not preclude state or federal agencies from filing felony HIPAA charges.
Taking that into account, Hardy said the victim in the charges filed against LaBraque is Northern Inyo Hospital, and not the 10 patients who had their medical records accessed.
Huntsinger said that even though the Office of Civil Rights found that the hospital was not at fault for the breaches, administrators have worked over the past year to upgrade its filing system and auditing practices to ensure that breaches do not happen in the future. “The worst part is the fear that it might instill in people,” Huntsinger said. “We are in a small town and we really need to be careful with people’s information. “We’ve developed significant audits and all new employees are now audited after their 90-day probation period. We also have a monthly audit of 10 percent of inpatient and emergency department patient files,” in addition to regular training all employees who have access to medical records receive.
One of the 10 victims who had their medical records accessed said the ramifications of the breach are still being felt. “Because of this, I really do not feel like I can get medical care in this valley,” the victim said. “Wherever I end up I’m uncomfortable.”
The victim did say that they believe NIH has handled the situation well. “I absolutely do not believe this is a systemic problem. It was a rogue employee. NIH is a victim in this case too. I am very happy with how the hospital has handled this. It has made me feel very comfortable that they did everything within their power, and that’s been shown by their actions.”

Premium Drupal Themes by Adaptivethemes